<?php
/**
+--------------------------------------------------------------
 * User: maqun
+--------------------------------------------------------------
 * Date: 2016/1/9
+--------------------------------------------------------------
 * Time: 21:44
+--------------------------------------------------------------
 * 基类,所有action都继承此类,创建所有控制器公用的方法
+--------------------------------------------------------------
 */
class BaseAction extends Action{

    const Teacher_id  = 'liuyong';//特殊的用户id
    protected static $action = 0; //导航从左至又的顺序值,用于前端页面控制显示当前样式
    /**
     * 初始化信息,类似构造函数
     */
    public function _initialize(){

        $this->assign('action',self::$action);

        if($this->_checkPurview()){    //检查用户是否登录，否则跳到登录页面
           $this->error('没有权限',U('Index/index'));
        }

        $this->assign('session',$_SESSION);
        $this->assign('menus',$this->_getMenus());//菜单
    }

    /**
     * @return bool
     * 权限验证
     */
    protected function _checkPurview(){
        #获得路径
        $action = strtolower(ACTION_NAME); //方法名
        $url    = strtolower(MODULE_NAME);  //控制器名
//        $url = trim(__GROUP__,'/')."/".$url;//分组名称,

        if($action=='return_url'){
            $action = '';
        }
        $url .= '/'.$action;

        $url = trim(trim($url,'/'));

        #登陆前 不需要权限的页面
        if(in_array($url,C('public_page_no_login'))){
            return false;
        }

        #没有登录
        if(empty($_SESSION['USER'])){
            redirect(U('User/login'));
        }
        #登陆后 不需要权限的页面

        if(in_array($url,C('public_page'))){
            return false;
        }
        #管理员有所有权限
        if(0 == $_SESSION['USER']['purview']){
            return false;
        }

        #判断权限
        if(!in_array($url,$_SESSION['USER']['purview_url'])){

            return true;
        }
    }

    /**
     * @return mixed
     * 获取权限
     */
    protected function _getMenus(){

        $menus = C('menus');

        if($_SESSION['USER']['id']==self::Teacher_id){
            return $menus;
        }else{
            return $this->_returnUrl($menus,$_SESSION['USER']['purview_url']);
        }
    }

    /**
     * @param $arr
     * @param $purview_urls
     * 通过权限过滤左侧菜单
     */
    protected function _returnUrl($arr,$purview_urls){

        foreach($arr as $k=>$v){

            if(!empty($v['list']) && is_array($v['list'])){
                $this->_returnUrl($v['list'],$purview_urls);
            }
            $str = explode('/',rtrim($v['url'],".html"));
            $str = strtolower($str[1].'/'.$str[2]);
            if(!in_array($uc,$purview_urls)){
                unset($v);
            }
        }
        return $arr;
    }
    /**
     * @param $id
     * @return mixed|string
     * 过滤输入不合法的题目id 防止sql注入
     */
    public function filterId($id){
        if(empty($id)){
            return '';
        }
        $id = str_replace("，",",",$id);
        $ids = explode(",",$id);
        $temp = array();
        foreach($ids as $k=>$v){
            $temp[] = intval($v);
        }
        $id = implode(',',$temp);
        return $id;
    }

    /**
     * @param $user_id
     * @return int|string
     * 过滤用户输入的user_id防止sql注入
     */
    public function filterUserid($user_id){

        $id = trim($user_id);
        if(empty($id)){
            return '';
        }
        if (is_numeric($id)) {
            if($id != intval($id)){
                return doubleval($id); //学号超过十位数
            }
            return intval($id);
        }
        if (is_string($id)) {
            if (self::Teacher_id === strtolower($id)) {
                return self::Teacher_id;
            } else {
                return '';
            }
        }
    }
}